Wrong Time Synchronization in the Domain

Posted on 2009-04-28
Last Modified: 2012-05-06
We have 2 DCs  and both have same wrong time. how can I fix it?

sys info:
Question by:osho929
    LVL 7

    Expert Comment

    by:Vishnu Kiran,ITIL,HDI SCM,CAPM

    Please go through the below Microsoft KB article  on how to configure an authoritative time server in Windows Server 2003:

    LVL 7

    Expert Comment

    see NET TIME Help

    then try to set

    NET TIME /

    NTP uses poer 123 UDP.


    Author Comment

    should I run these two commands in Both DCs &  is it safe to run it.
    NET TIME /
    LVL 82

    Accepted Solution

    The 816042 article is plain overkill in most cases. It explains how to turn *any* W2k3 server into an authoritative time server, but in an AD domain, DCs are authoritative time servers *by* *default*.
    Usually, the *only* machine in an AD domain that needs to be configured to sync with an outside time source is the PDC emulator. Other DCs will sync with the PDCe, and members will sync with the DC authenticating them.
    "net time /querysntp" or "net time /setsntp" will *ONLY* do something useful on the PDCe; a manually configured time server will by default be ignored by domain members, they'll use the domain hierarchy instead. In general, "net time" is deprecated (it dates back to NT) and shouldn't be used anymore, use the new tool w32tm.exe instead.
    In other words: on the PDCe, open a command prompt and enter (replacing <> with the time server of your choice; the ,0x8 at the end will tell the time service to run in ntp client mode):

    w32tm /config /manualpeerlist:<>,0x8 /update
    w32tm /resync

    Time servers are here (I wouldn't use the default ""; I've found it to be unreliable); pick a time server geographically close to you, for example one of these:

    A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet

    The project

    If your PDCe is more than 5 minutes off the real time, run this after production hours to prevent possible authentication problems before the time service on the clients gets a chance to adjust its time according to the new PDC time.

    Author Comment

    if I used The project ,is this right

    w32tm /config /manualpeerlist:<,,                             >,0x8 /update

    w32tm /resync

    Than all client should restart their machine.
    LVL 82

    Expert Comment

    Not quite, the "<...>" was just to indicate the server, it's not part of the syntax; and for several servers, the list has to be space separated:

    w32tm /config /manualpeerlist:",0x8,0x8,0x8" /update
    w32tm /resync

    If this doesn't work try it with a single server first:
    w32tm /config /,0x8 /update

    You only need to run this on the PDCe; there should be no need to do anything on the clients, in all likelihood, they should have the same time as the DCs already, and follow up on the time changes of the DCs as soon as they sync the next time.
    You can force a resync remotely by using
    w32tm /resync /computer:<Computer>

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
    Learn about cloud computing and its benefits for small business owners.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now